OpenVAS Libraries  9.0.3
nasl_builtin_plugins.h File Reference

Header file for built-in plugins. More...

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

tree_cellplugin_run_find_service (lex_ctxt *)
 
tree_cellplugin_run_openvas_tcp_scanner (lex_ctxt *)
 
tree_cellplugin_run_synscan (lex_ctxt *)
 
tree_cellplugin_run_nmap (lex_ctxt *)
 Run the nmap_net subsystem. More...
 

Detailed Description

Header file for built-in plugins.

Definition in file nasl_builtin_plugins.h.

Function Documentation

◆ plugin_run_find_service()

tree_cell* plugin_run_find_service ( lex_ctxt )

Definition at line 2509 of file nasl_builtin_find_service.c.

References arg_get_value(), arg_get_value_int(), CA_FILE, CERT_FILE, get_plugin_preference(), get_plugin_preference_fname(), KEY_FILE, MAX_SONS, NUM_CHILDREN, struct_lex_ctxt::oid, oid, PEM_PASS, plug_get_kb(), plug_set_ssl_CA_file(), plug_set_ssl_cert(), plug_set_ssl_key(), plug_set_ssl_pem_password(), struct_lex_ctxt::script_infos, and TEST_SSL_PREF.

2510 {
2511  struct arglist *desc = lexic->script_infos;
2512 
2513  oid = lexic->oid;
2514 
2515  kb_t kb = plug_get_kb (desc);
2516  struct kb_item *kbitem, *kbitem_tmp;
2517 
2518  struct arglist *sons_args[MAX_SONS];
2519  int sons_pipe[MAX_SONS][2];
2520  int num_ports = 0;
2521  char *num_sons_s = get_plugin_preference (oid, NUM_CHILDREN);
2522  int num_sons = 6;
2523  int port_per_son;
2524  int i;
2525  struct arglist *globals = arg_get_value (desc, "globals");
2526  int unix_sock = arg_get_value_int (globals, "global_socket");
2527  int test_ssl = 1;
2528  char *key = get_plugin_preference (oid, KEY_FILE);
2529  char *cert = get_plugin_preference (oid, CERT_FILE);
2530  char *pempass = get_plugin_preference (oid, PEM_PASS);
2531  char *cafile = get_plugin_preference (oid, CA_FILE);
2532  char *test_ssl_s = get_plugin_preference (oid, TEST_SSL_PREF);
2533 
2534  if (key && key[0] != '\0')
2535  key = (char *) get_plugin_preference_fname (desc, key);
2536  else
2537  key = NULL;
2538 
2539  if (cert && cert[0] != '\0')
2540  cert = (char *) get_plugin_preference_fname (desc, cert);
2541  else
2542  cert = NULL;
2543 
2544  if (cafile && cafile[0] != '\0')
2545  cafile = (char *) get_plugin_preference_fname (desc, cafile);
2546  else
2547  cafile = NULL;
2548 
2549  if (test_ssl_s != NULL)
2550  {
2551  if (strcmp (test_ssl_s, "None") == 0)
2552  test_ssl = 0;
2553  }
2554  if (key || cert)
2555  {
2556  if (!key)
2557  key = cert;
2558  if (!cert)
2559  cert = key;
2560  plug_set_ssl_cert (desc, cert);
2561  plug_set_ssl_key (desc, key);
2562  }
2563  if (pempass != NULL)
2564  plug_set_ssl_pem_password (desc, pempass);
2565  if (cafile != NULL)
2566  plug_set_ssl_CA_file (desc, cafile);
2567 
2568 
2569  signal (SIGTERM, sigterm);
2570  signal (SIGCHLD, sigchld);
2571  if (num_sons_s != NULL)
2572  num_sons = atoi (num_sons_s);
2573 
2574  if (num_sons <= 0)
2575  num_sons = 6;
2576 
2577  if (num_sons > MAX_SONS)
2578  num_sons = MAX_SONS;
2579 
2580 
2581 
2582 
2583  for (i = 0; i < num_sons; i++)
2584  {
2585  sons[i] = 0;
2586  sons_args[i] = NULL;
2587  }
2588 
2589  if (kb == NULL)
2590  return NULL; // TODO: in old days returned "1". Still relevant?
2591 
2592  kbitem = kb_item_get_pattern (kb, "Ports/tcp/*");
2593 
2594  /* count the number of open TCP ports */
2595  kbitem_tmp = kbitem;
2596  while (kbitem_tmp != NULL)
2597  {
2598  num_ports++;
2599  kbitem_tmp = kbitem_tmp->next;
2600  }
2601 
2602  port_per_son = num_ports / num_sons;
2603 
2604  /* The next two loops distribute the ports across a number of 'sons'.
2605  */
2606 
2607  kbitem_tmp = kbitem;
2608 
2609  for (i = 0; i < num_sons; i = i + 1)
2610  {
2611  int j;
2612 
2613  if (kbitem_tmp != NULL)
2614  {
2615  for (j = 0; j < port_per_son && kbitem_tmp != NULL;)
2616  {
2617  if (sons_args[i] == NULL)
2618  sons_args[i] = g_malloc0 (sizeof (struct arglist));
2619  arg_add_value (sons_args[i], kbitem_tmp->name, kbitem_tmp->type,
2620  NULL);
2621  j++;
2622  kbitem_tmp = kbitem_tmp->next;
2623  }
2624  }
2625  else
2626  break;
2627  }
2628 
2629 
2630  for (i = 0; (i < num_ports % num_sons) && kbitem_tmp != NULL;)
2631  {
2632  if (sons_args[i] == NULL)
2633  sons_args[i] = g_malloc0 (sizeof (struct arglist));
2634  arg_add_value (sons_args[i], kbitem_tmp->name, kbitem_tmp->type, NULL);
2635  i++;
2636  kbitem_tmp = kbitem_tmp->next;
2637  }
2638 
2639  kb_item_free (kbitem);
2640 
2641 
2642  for (i = 0; i < num_sons; i++)
2643  if (sons_args[i] == NULL)
2644  break;
2645 
2646 
2647  num_sons = i;
2648 
2649 
2650  for (i = 0; i < num_sons; i++)
2651  {
2652  usleep (5000);
2653  if (sons_args[i] != NULL)
2654  {
2655  if (socketpair (AF_UNIX, SOCK_STREAM, 0, sons_pipe[i]) < 0)
2656  {
2657  perror ("socketpair ");
2658  break;
2659  }
2660  sons[i] = fork ();
2661  if (sons[i] == 0)
2662  {
2663  int soc;
2664 
2665  kb_lnk_reset (kb);
2666  nvticache_reset ();
2667  soc = arg_get_value_int (globals, "global_socket");
2668  close (sons_pipe[i][1]);
2669  close (soc);
2670  soc = sons_pipe[i][0];
2671  arg_set_value (globals, "global_socket", GSIZE_TO_POINTER (soc));
2672  signal (SIGTERM, _exit);
2673  plugin_do_run (desc, sons_args[i], test_ssl);
2674  exit (0);
2675  }
2676  else
2677  {
2678  close (sons_pipe[i][0]);
2679  if (sons[i] < 0)
2680  sons[i] = 0; /* Fork failed */
2681  }
2682  arg_free (sons_args[i]);
2683  }
2684  }
2685 
2686 
2687 
2688  for (;;)
2689  {
2690  int flag = 0;
2691  fd_set rd;
2692  struct timeval tv;
2693  int max = -1;
2694  int e;
2695 
2696 
2697  FD_ZERO (&rd);
2698  for (i = 0; i < num_sons; i++)
2699  {
2700  if (sons[i] != 0 && (sons_pipe[i][1] >= 0))
2701  {
2702  FD_SET (sons_pipe[i][1], &rd);
2703  if (sons_pipe[i][1] > max)
2704  max = sons_pipe[i][1];
2705  }
2706  }
2707 
2708  again:
2709  tv.tv_usec = 100000;
2710  tv.tv_sec = 0;
2711  e = select (max + 1, &rd, NULL, NULL, &tv);
2712  if (e < 0 && errno == EINTR)
2713  goto again;
2714 
2715  if (e > 0)
2716  {
2717  for (i = 0; i < num_sons; i++)
2718  {
2719  if (sons[i] != 0 && sons_pipe[i][1] >= 0
2720  && FD_ISSET (sons_pipe[i][1], &rd) != 0)
2721  {
2722  if (fwd_data (sons_pipe[i][1], unix_sock, sons[i]) < 0)
2723  {
2724  close (sons_pipe[i][1]);
2725  sons_pipe[i][1] = -1;
2726  while (waitpid (sons[i], NULL, WNOHANG)
2727  && errno == EINTR);
2728  sons[i] = 0;
2729  }
2730  }
2731  }
2732  }
2733  for (i = 0; i < num_sons; i++)
2734  {
2735  if (sons[i] != 0)
2736  {
2737  while (waitpid (sons[i], NULL, WNOHANG) && errno == EINTR);
2738 
2739  if (kill (sons[i], 0) < 0)
2740  {
2741  fwd_data (sons_pipe[i][1], unix_sock, sons[i]);
2742  close (sons_pipe[i][1]);
2743  sons_pipe[i][1] = -1;
2744  sons[i] = 0;
2745  }
2746  else
2747  flag++;
2748  }
2749  }
2750 
2751 
2752  if (flag == 0)
2753  break;
2754  }
2755 
2756  return NULL;
2757 }
void kb_item_free(struct kb_item *)
Release a KB item (or a list).
Definition: kb_redis.c:501
void nvticache_reset()
Reset connection to KB. To be called after a fork().
Definition: nvticache.c:138
#define TEST_SSL_PREF
int arg_set_value(struct arglist *arglst, const char *name, void *value)
Definition: arglists.c:225
#define max
Definition: nasl_wmi.c:61
Knowledge base item (defined by name, type (int/char*) and value). Implemented as a singly linked lis...
Definition: kb.h:81
void plug_set_ssl_CA_file(struct arglist *args, char *key)
Definition: plugutils.c:1035
struct kb_item * next
Definition: kb.h:91
void arg_free(struct arglist *arg)
Definition: arglists.c:322
const char * oid
enum kb_item_type type
Definition: kb.h:83
#define MAX_SONS
#define KEY_FILE
const char * get_plugin_preference_fname(struct arglist *desc, const char *filename)
Get the file name of a plugins preference that is of type "file".
Definition: plugutils.c:551
void plug_set_ssl_pem_password(struct arglist *args, char *key)
Definition: plugutils.c:1025
kb_t plug_get_kb(struct arglist *args)
Definition: plugutils.c:710
#define NUM_CHILDREN
#define CA_FILE
void arg_add_value(struct arglist *arglst, const char *name, int type, void *value)
Definition: arglists.c:170
Top-level KB. This is to be inherited by KB implementations.
Definition: kb.h:102
#define CERT_FILE
struct timeval timeval(unsigned long val)
int arg_get_value_int(struct arglist *args, const char *name)
Definition: arglists.c:246
void plug_set_ssl_cert(struct arglist *args, char *cert)
Definition: plugutils.c:1013
void plug_set_ssl_key(struct arglist *args, char *key)
Definition: plugutils.c:1019
char name[0]
Definition: kb.h:94
void * arg_get_value(struct arglist *args, const char *name)
Definition: arglists.c:252
#define PEM_PASS
char * get_plugin_preference(const char *oid, const char *name)
Definition: plugutils.c:476
Here is the call graph for this function:

◆ plugin_run_nmap()

tree_cell* plugin_run_nmap ( lex_ctxt lexic)

Run the nmap_net subsystem.

Parameters
[in]lexicNASL state.
Returns
NULL on error, FAKE_CELL on success.

Definition at line 485 of file nasl_builtin_nmap.c.

References dbg.

486 {
487  nmap_t *nmap;
488 
489  dbg ("Starting Nmap builtin wrapper\n");
490 
491  /* Initialize our nmap handler */
492  if ((nmap = nmap_create (lexic)) == NULL)
493  {
494  dbg ("Unable to initialize Nmap\n");
495  return NULL;
496  }
497 
498  /* Execute nmap and store results */
499  nmap_run_and_parse (nmap);
500 
501  /* release resources */
502  nmap_destroy (nmap);
503 
504  return FAKE_CELL;
505 }
#define FAKE_CELL
Definition: nasl_tree.h:120
#define dbg(...)
Main nmap execution handler.

◆ plugin_run_openvas_tcp_scanner()

tree_cell* plugin_run_openvas_tcp_scanner ( lex_ctxt )

Definition at line 1269 of file nasl_builtin_openvas_tcp_scanner.c.

References arg_get_value(), find_in_path(), GRAB_MAX_SOCK, GRAB_MAX_SOCK_SAFE, GRAB_MIN_SOCK, host_info::ip, log_legacy_write(), prefs_get(), prefs_get_bool(), RLIM_INFINITY, safe_checks(), and struct_lex_ctxt::script_infos.

1270 {
1271  struct arglist *desc = lexic->script_infos;
1272  struct host_info *hostinfo = arg_get_value(desc, "HOSTNAME");
1273  const char * port_range = prefs_get ("port_range");
1274  const char * p;
1275  struct in6_addr *p_addr;
1276  int timeout = 0, max_cnx, min_cnx, x;
1277  int safe_checks = prefs_get_bool ("safe_checks");
1278 
1279  p = prefs_get ("checks_read_timeout");
1280  if (p != NULL) timeout = atoi(p);
1281  if (timeout <= 0)
1282  timeout = 5;
1283 #if DEBUG > 0
1284  log_legacy_write ("openvas_tcp_scanner: safe_checks=%d checks_read_timeout=%d\n", safe_checks, timeout);
1285 #endif
1286 
1287  {
1288  int max_host = 0, max_checks = 0, cur_sys_fd = 0, max_sys_fd = 0;
1289  struct rlimit rlim;
1290  FILE *fp;
1291  int i;
1292  double loadavg[3], maxloadavg = -1.0;
1293 #if DEBUG == 0
1294  int stderr_fd = dup(2);
1295  int devnull_fd = open("/dev/null", O_WRONLY);
1296  /* Avoid error messages from sysctl */
1297  dup2(devnull_fd, 2);
1298 #endif
1299 
1300  p = prefs_get ("max_hosts");
1301  if (p != NULL) max_host = atoi(p);
1302  if (max_host <= 0) max_host = 15;
1303 
1304  p = prefs_get ("max_checks");
1305  if (p != NULL) max_checks = atoi(p);
1306  if (max_checks <= 0 || max_checks > 5)
1307  {
1308  max_checks = 5; /* bigger values do not make sense */
1309 #if DEBUG > 0
1310  log_legacy_write ("openvas_tcp_scanner: max_checks forced to %d\n", max_checks);
1311 #endif
1312  }
1313 
1314  min_cnx = 8 * max_checks;
1315  if (safe_checks)
1316  max_cnx = 24 * max_checks;
1317  else
1318  max_cnx = 80 * max_checks;
1319 
1320  getloadavg(loadavg, 3);
1321  for (i = 0; i < 3; i ++)
1322  if (loadavg[i] > maxloadavg) maxloadavg = loadavg[i];
1323 
1324  if (max_sys_fd <= 0)
1325  {
1326  if ( find_in_path("sysctl", 0) != NULL )
1327  fp = popen("sysctl fs.file-nr", "r");
1328  else
1329  fp = NULL;
1330 
1331  if (fp != NULL)
1332  {
1333  if (fscanf(fp, "%*s = %*d %d %d", &cur_sys_fd, &max_sys_fd) == 1)
1334  max_sys_fd -= cur_sys_fd;
1335  else
1336  max_sys_fd = 0;
1337  pclose(fp);
1338  }
1339  }
1340  if (max_sys_fd <= 0)
1341  {
1342  if ( find_in_path("sysctl", 0) )
1343  fp = popen("sysctl fs.file-max", "r");
1344  else
1345  fp = NULL;
1346 
1347  if (fp != NULL)
1348  {
1349  if (fscanf(fp, "%*s = %d", &max_sys_fd) < 1)
1350  max_sys_fd = 0;
1351  pclose(fp);
1352  }
1353  }
1354 
1355  if (max_sys_fd <= 0)
1356  {
1357  if ( find_in_path("sysctl", 0) )
1358  fp = popen("sysctl kern.maxfiles", "r");
1359  else
1360  fp = NULL;
1361 
1362  if (fp != NULL)
1363  {
1364  if (fscanf(fp, "%*s = %d", &max_sys_fd) < 1)
1365  max_sys_fd = 0;
1366  pclose(fp);
1367  }
1368  }
1369 
1370  /* Restore stderr */
1371 #if DEBUG == 0
1372  close(devnull_fd);
1373  dup2(stderr_fd, 2);
1374  close(stderr_fd);
1375 #endif
1376 
1377  if (maxloadavg >= 0.0)
1378  {
1379 #if DEBUG > 0
1380  int x = max_cnx;
1381 #endif
1382  max_cnx /= (1.0 + maxloadavg);
1383 #if DEBUG > 0
1384  /* Useless, as stderr is temporarily closed */
1385  log_legacy_write ("openvas_tcp_scanner: max_cnx reduced from %d to %d because of maxloadavg=%f\n", x, max_cnx, maxloadavg);
1386 #endif
1387  }
1388 
1389 
1390 
1391 #if DEBUG > 0
1392  log_legacy_write ("openvas_tcp_scanner: max_sys_fd=%d\n", max_sys_fd);
1393 #endif
1394  if (max_sys_fd <= 0) max_sys_fd = 16384; /* reasonable default */
1395  /* Let's leave at least 1024 FD for other processes */
1396  if (max_sys_fd < 1024)
1397  x = GRAB_MIN_SOCK;
1398  else
1399  {
1400  max_sys_fd -= 1024;
1401  x = max_sys_fd / max_host;
1402  }
1403  if (max_cnx > x) max_cnx = x;
1404 #if 0
1405  log_legacy_write ("min_cnx = %d ; max_cnx = %d\n", min_cnx, max_cnx);
1406 #endif
1407  if (max_cnx > GRAB_MAX_SOCK) max_cnx = GRAB_MAX_SOCK;
1408  if (max_cnx < GRAB_MIN_SOCK) max_cnx = GRAB_MIN_SOCK;
1409 
1410  if (safe_checks && max_cnx > GRAB_MAX_SOCK_SAFE)
1411  max_cnx = GRAB_MAX_SOCK_SAFE;
1412 
1413  if (getrlimit(RLIMIT_NOFILE, &rlim) < 0)
1414  perror("getrlimit(RLIMIT_NOFILE)");
1415  else
1416  {
1417  /* value = one greater than the maximum file descriptor number */
1418  if (rlim.rlim_cur != RLIM_INFINITY && max_cnx >= rlim.rlim_cur)
1419  max_cnx = rlim.rlim_cur - 1;
1420  }
1421  x = max_cnx / 2;
1422  if (min_cnx > x) min_cnx = x > 0 ? x : 1;
1423 #if DEBUG > 0
1424  log_legacy_write ("openvas_tcp_scanner: min_cnx = %d ; max_cnx = %d\n", min_cnx, max_cnx);
1425 #endif
1426  }
1427 
1428  p_addr = hostinfo->ip;
1429  if( p_addr == NULL )
1430  return NULL; // TODO: before it returned "1";
1431  if (banner_grab(p_addr, port_range, timeout, min_cnx, max_cnx, desc) < 0)
1432  return NULL; // TODO: before it returned "1";
1433  plug_set_key(desc, "Host/scanned", ARG_INT, (void*)1);
1434  plug_set_key(desc, "Host/scanners/openvas_tcp_scanner", ARG_INT, (void*)1);
1435  return NULL;
1436 }
#define ARG_INT
Definition: arglists.h:40
#define RLIM_INFINITY
Definition: popen.c:32
void plug_set_key(struct arglist *args, char *name, int type, const void *value)
Definition: plugutils.c:658
#define GRAB_MAX_SOCK_SAFE
void log_legacy_write(const char *format,...)
Legacy function to write a log message.
const gchar * prefs_get(const gchar *key)
Get a string preference value via a key.
Definition: prefs.c:86
struct in6_addr * ip
Definition: network.h:61
tree_cell * safe_checks(lex_ctxt *lexic)
char * find_in_path(char *name, int safe)
Definition: plugutils.c:1041
void * arg_get_value(struct arglist *args, const char *name)
Definition: arglists.c:252
int prefs_get_bool(const gchar *key)
Get a boolean expression of a preference value via a key.
Definition: prefs.c:109
Here is the call graph for this function:

◆ plugin_run_synscan()

tree_cell* plugin_run_synscan ( lex_ctxt )

Definition at line 788 of file nasl_builtin_synscan.c.

References arg_get_value(), ARG_INT, islocalhost(), host_info::name, plug_get_host_ip(), plug_set_key(), prefs_get(), scan(), struct_lex_ctxt::script_infos, and timeval().

789 {
790  struct arglist *env = lexic->script_infos;
791  unsigned long rtt;
792  struct in6_addr *dst6 = plug_get_host_ip (env);
793  struct in_addr *dst;
794  struct in_addr inaddr;
795 #ifdef DEBUG
796  struct timeval tv;
797 #endif
798 
799  inaddr.s_addr = dst6->s6_addr32[3];
800  dst = &inaddr;
801 
802  if (islocalhost (dst))
803  return NULL;
804 
805  rtt = htonl (1 << 28);
806 
807 #ifdef DEBUG
808  printf ("RTT = 0x%.8x\n", ntohl (rtt));
809  tv = timeval (rtt);
810  printf ("That's %ld seconds and %ld usecs\n", tv.tv_sec, tv.tv_usec);
811 #endif
812 
813  struct host_info *hostinfo = arg_get_value (env, "HOSTNAME");
814  char *hostname = hostinfo->name;
815  const char *range = prefs_get ("port_range");
816  scan (env, hostname, (char *)range, dst6, rtt);
817  plug_set_key (env, "Host/scanned", ARG_INT, (void *) 1);
818  plug_set_key (env, "Host/scanners/synscan", ARG_INT, (void*)1);
819  return NULL;
820 }
#define ARG_INT
Definition: arglists.h:40
void plug_set_key(struct arglist *args, char *name, int type, const void *value)
Definition: plugutils.c:658
int islocalhost(struct in_addr *addr)
Tests whether a packet sent to IP is LIKELY to route through the kernel localhost interface...
Definition: pcap.c:415
const gchar * prefs_get(const gchar *key)
Get a string preference value via a key.
Definition: prefs.c:86
char * name
Definition: network.h:58
A port range.
struct in6_addr * plug_get_host_ip(struct arglist *desc)
Definition: plugutils.c:216
int scan(struct arglist *env, char *hostname, char *portrange, struct in6_addr *dst6, unsigned long rtt)
struct timeval timeval(unsigned long val)
void * arg_get_value(struct arglist *args, const char *name)
Definition: arglists.c:252
Here is the call graph for this function: